What is CVE-2020-11793?

CVE-2020-11793 is a use-after-free vulnerability in WebKitGTK and WPE WebKit that allows remote attackers to execute arbitrary code or cause a denial of service.

What software is affected by CVE-2020-11793?

CVE-2020-11793 affects WebKitGTK before version 2.28.1 and WPE WebKit before version 2.28.1.

How severe is CVE-2020-11793?

CVE-2020-11793 has a severity score of 8.8, which is considered high.

How can I fix CVE-2020-11793?

To fix CVE-2020-11793, you should update WebKitGTK to version 2.28.1 or later.

Where can I find more information about CVE-2020-11793?

You can find more information about CVE-2020-11793 on the MITRE CVE website, the WebKitGTK security advisory, and the Ubuntu Security Notice.

Vulnerability/
CVE-2020-11793

high

8.8

CWE

416

16/4/2020

15/12/2023

CVE-2020-11793: Use After Free

First published: Thu Apr 16 2020(Updated: )

A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash).

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/webkit2gtk		2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2
debian/wpewebkit		2.38.6-1~deb11u1 2.38.6-1 2.42.1-1
WebKitGTK WebKitGTK	<2.28.1
Wpewebkit Wpe Webkit	<2.28.1
Canonical Ubuntu Linux	=18.04
Canonical Ubuntu Linux	=19.10
Fedoraproject Fedora	=30
Fedoraproject Fedora	=31
Fedoraproject Fedora	=32
openSUSE Leap	=15.1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
ubuntu/webkit2gtk	<2.28.1-0ubuntu0.18.04.1	2.28.1-0ubuntu0.18.04.1
ubuntu/webkit2gtk	<2.28.1-0ubuntu0.19.10.1	2.28.1-0ubuntu0.19.10.1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
ubuntu/webkit2gtk	<2.28.1	2.28.1
ubuntu/webkit2gtk	<2.28.1-1	2.28.1-1
redhat/webkitgtk	<2.28.1	2.28.1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

USN-4331-1

Frequently Asked Questions

What is CVE-2020-11793?
CVE-2020-11793 is a use-after-free vulnerability in WebKitGTK and WPE WebKit that allows remote attackers to execute arbitrary code or cause a denial of service.
What software is affected by CVE-2020-11793?
CVE-2020-11793 affects WebKitGTK before version 2.28.1 and WPE WebKit before version 2.28.1.
How severe is CVE-2020-11793?
CVE-2020-11793 has a severity score of 8.8, which is considered high.
How can I fix CVE-2020-11793?
To fix CVE-2020-11793, you should update WebKitGTK to version 2.28.1 or later.
Where can I find more information about CVE-2020-11793?
You can find more information about CVE-2020-11793 on the MITRE CVE website, the WebKitGTK security advisory, and the Ubuntu Security Notice.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/launchpad-cve
collector/nvd-cve
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-11793
agent/software-canonical-lookup
collector/security-tracker-debian
collector/usn-cve
vendor/webkitgtk
canonical/webkitgtk webkitgtk
vendor/wpewebkit
canonical/wpewebkit wpe webkit
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/18.04
version/canonical ubuntu linux/19.10
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/30
version/fedoraproject fedora/31
version/fedoraproject fedora/32
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/15.1
package-manager/redhat
package-manager/debian
package-manager/ubuntu